Documentation ¶
Index ¶
- Variables
- func NewSecret() (secret []byte, err error)
- type APIKey
- type Action
- type ActionType
- type Caveat
- func (c *Caveat) Allows(action Action) bool
- func (*Caveat) Descriptor() ([]byte, []int)
- func (m *Caveat) GetAllowedPaths() []*Caveat_Path
- func (m *Caveat) GetDisallowDeletes() bool
- func (m *Caveat) GetDisallowLists() bool
- func (m *Caveat) GetDisallowReads() bool
- func (m *Caveat) GetDisallowWrites() bool
- func (m *Caveat) GetNonce() []byte
- func (m *Caveat) GetNotAfter() *time.Time
- func (m *Caveat) GetNotBefore() *time.Time
- func (*Caveat) ProtoMessage()
- func (m *Caveat) Reset()
- func (m *Caveat) String() string
- func (m *Caveat) XXX_DiscardUnknown()
- func (m *Caveat) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Caveat) XXX_Merge(src proto.Message)
- func (m *Caveat) XXX_Size() int
- func (m *Caveat) XXX_Unmarshal(b []byte) error
- type Caveat_Path
- func (*Caveat_Path) Descriptor() ([]byte, []int)
- func (m *Caveat_Path) GetBucket() []byte
- func (m *Caveat_Path) GetEncryptedPathPrefix() []byte
- func (*Caveat_Path) ProtoMessage()
- func (m *Caveat_Path) Reset()
- func (m *Caveat_Path) String() string
- func (m *Caveat_Path) XXX_DiscardUnknown()
- func (m *Caveat_Path) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Caveat_Path) XXX_Merge(src proto.Message)
- func (m *Caveat_Path) XXX_Size() int
- func (m *Caveat_Path) XXX_Unmarshal(b []byte) error
- type Macaroon
- func (m *Macaroon) AddFirstPartyCaveat(c []byte) (macaroon *Macaroon, err error)
- func (m *Macaroon) CaveatLen() int
- func (m *Macaroon) Caveats() (caveats [][]byte)
- func (m *Macaroon) Copy() *Macaroon
- func (m *Macaroon) Head() (head []byte)
- func (m *Macaroon) Serialize() (data []byte)
- func (m *Macaroon) Tail() (tail []byte)
- func (m *Macaroon) Tails(secret []byte) [][]byte
- func (m *Macaroon) Validate(secret []byte) (ok bool)
Constants ¶
This section is empty.
Variables ¶
// Error classes returned when handling API keys.
var (
	// Error is a general API Key error
	Error = errs.Class("api key error")
	// ErrFormat means that the structural formatting of the API Key is invalid
	ErrFormat = errs.Class("api key format error")
	// ErrInvalid means that the API Key is improperly signed
	ErrInvalid = errs.Class("api key invalid error")
	// ErrUnauthorized presumably means that the API Key does not permit the
	// requested action (see APIKey.Check) — TODO confirm against the source.
	ErrUnauthorized = errs.Class("api key unauthorized error")
	// ErrRevoked means the API key has been revoked
	ErrRevoked = errs.Class("api key revocation error")
)
Functions ¶
Types ¶
type APIKey ¶
type APIKey struct {
// contains filtered or unexported fields
}
APIKey implements a Macaroon-backed Storj-v3 API key.
func NewAPIKey ¶
NewAPIKey generates a brand new unrestricted API key given the provided server project secret
func ParseAPIKey ¶
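ParseAPIKey parses a given api key string and returns an APIKey if the APIKey was correctly formatted. It does not validate the key: a successful parse says nothing about the key's signature, caveats or revocation status, which are checked by Check.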
func (*APIKey) Check ¶
Check makes sure that the key authorizes the provided action given the root project secret and any possible revocations, returning an error if the action is not authorized. 'revoked' is a list of revoked heads.
type Action ¶
// Action carries the details of one requested operation: its type, the
// bucket and encrypted path it targets, and a timestamp.
type Action struct {
	// Op is the kind of operation being requested (see ActionType).
	Op ActionType
	// Bucket and EncryptedPath name the target of the operation; presumably
	// they are matched against a caveat's AllowedPaths entries — confirm in
	// Caveat.Allows.
	Bucket        []byte
	EncryptedPath []byte
	// Time is presumably the instant compared against a caveat's
	// NotBefore/NotAfter window — confirm in Caveat.Allows.
	Time time.Time
}
Action describes the operation being performed, which the Macaroon will validate.
type ActionType ¶
type ActionType int
ActionType specifies the operation type being performed that the Macaroon will validate
// The operation types an Action can carry.
//
// NOTE(review): this listing shows no initializer for ActionRead; check the
// source for the actual values, in particular whether the zero ActionType
// corresponds to a valid operation.
const (
	// ActionRead specifies a read operation
	ActionRead ActionType
	// ActionWrite specifies a write operation
	ActionWrite
	// ActionList specifies a list operation
	ActionList
	// ActionDelete specifies a delete operation
	ActionDelete
)
type Caveat ¶
// Caveat is the protobuf message describing the restrictions a caveat
// carries: disallowed operation types, allowed paths and a validity time
// window. Per the field comments below, a field left unset adds no
// restriction of that kind.
type Caveat struct {
	// if any of these four are set, disallow that type of access
	DisallowReads   bool `protobuf:"varint,1,opt,name=disallow_reads,json=disallowReads,proto3" json:"disallow_reads,omitempty"`
	DisallowWrites  bool `protobuf:"varint,2,opt,name=disallow_writes,json=disallowWrites,proto3" json:"disallow_writes,omitempty"`
	DisallowLists   bool `protobuf:"varint,3,opt,name=disallow_lists,json=disallowLists,proto3" json:"disallow_lists,omitempty"`
	DisallowDeletes bool `protobuf:"varint,4,opt,name=disallow_deletes,json=disallowDeletes,proto3" json:"disallow_deletes,omitempty"`
	// if any entries exist, require all access to happen in at least one of them
	AllowedPaths []*Caveat_Path `protobuf:"bytes,10,rep,name=allowed_paths,json=allowedPaths,proto3" json:"allowed_paths,omitempty"`
	// if set, the validity time window
	NotAfter  *time.Time `protobuf:"bytes,20,opt,name=not_after,json=notAfter,proto3,stdtime" json:"not_after,omitempty"`
	NotBefore *time.Time `protobuf:"bytes,21,opt,name=not_before,json=notBefore,proto3,stdtime" json:"not_before,omitempty"`
	// nonce is set to some random bytes so that you can make arbitrarily
	// many restricted macaroons with the same (or no) restrictions.
	Nonce []byte `protobuf:"bytes,30,opt,name=nonce,proto3" json:"nonce,omitempty"`
	// The XXX_ fields below are protobuf bookkeeping (excluded from JSON),
	// not restrictions.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
func (*Caveat) Descriptor ¶
func (*Caveat) GetAllowedPaths ¶ added in v0.12.0
func (m *Caveat) GetAllowedPaths() []*Caveat_Path
func (*Caveat) GetDisallowDeletes ¶
func (*Caveat) GetDisallowLists ¶
func (*Caveat) GetDisallowReads ¶
func (*Caveat) GetDisallowWrites ¶
func (*Caveat) GetNotAfter ¶
func (*Caveat) GetNotBefore ¶
func (*Caveat) ProtoMessage ¶
func (*Caveat) ProtoMessage()
func (*Caveat) XXX_DiscardUnknown ¶
func (m *Caveat) XXX_DiscardUnknown()
func (*Caveat) XXX_Marshal ¶
func (*Caveat) XXX_Unmarshal ¶
type Caveat_Path ¶ added in v0.12.0
// Caveat_Path is one entry of Caveat.AllowedPaths: a bucket together with an
// encrypted path prefix.
type Caveat_Path struct {
	// Bucket is the bucket this entry applies to.
	Bucket []byte `protobuf:"bytes,1,opt,name=bucket,proto3" json:"bucket,omitempty"`
	// EncryptedPathPrefix is presumably matched as a prefix of
	// Action.EncryptedPath — confirm in Caveat.Allows.
	EncryptedPathPrefix []byte `protobuf:"bytes,2,opt,name=encrypted_path_prefix,json=encryptedPathPrefix,proto3" json:"encrypted_path_prefix,omitempty"`
	// The XXX_ fields below are protobuf bookkeeping (excluded from JSON).
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
If a Caveat's AllowedPaths contains any entries, all access is required to happen within at least one of them.
func (*Caveat_Path) Descriptor ¶ added in v0.12.0
func (*Caveat_Path) Descriptor() ([]byte, []int)
func (*Caveat_Path) GetBucket ¶ added in v0.12.0
func (m *Caveat_Path) GetBucket() []byte
func (*Caveat_Path) GetEncryptedPathPrefix ¶ added in v0.12.0
func (m *Caveat_Path) GetEncryptedPathPrefix() []byte
func (*Caveat_Path) ProtoMessage ¶ added in v0.12.0
func (*Caveat_Path) ProtoMessage()
func (*Caveat_Path) Reset ¶ added in v0.12.0
func (m *Caveat_Path) Reset()
func (*Caveat_Path) String ¶ added in v0.12.0
func (m *Caveat_Path) String() string
func (*Caveat_Path) XXX_DiscardUnknown ¶ added in v0.12.0
func (m *Caveat_Path) XXX_DiscardUnknown()
func (*Caveat_Path) XXX_Marshal ¶ added in v0.12.0
func (m *Caveat_Path) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*Caveat_Path) XXX_Merge ¶ added in v0.12.0
func (m *Caveat_Path) XXX_Merge(src proto.Message)
func (*Caveat_Path) XXX_Size ¶ added in v0.12.0
func (m *Caveat_Path) XXX_Size() int
func (*Caveat_Path) XXX_Unmarshal ¶ added in v0.12.0
func (m *Caveat_Path) XXX_Unmarshal(b []byte) error
type Macaroon ¶
type Macaroon struct {
// contains filtered or unexported fields
}
Macaroon is a struct that determines contextual caveats and authorization.
func NewUnrestricted ¶
NewUnrestricted creates Macaroon with random Head and generated Tail
func ParseMacaroon ¶
ParseMacaroon converts binary to macaroon
func (*Macaroon) AddFirstPartyCaveat ¶
AddFirstPartyCaveat creates signed macaroon with appended caveat